One user is on a connection with 10ms latency, the other user is on 50 ms latency. Now, if first user does something, and second user can either do something to evade or can do something that actually prevents the first user from acting, how do you consolidate that?
The actual timestamp of when exactly what happened helps immensely, but you have to trust the timestamp. And how can you know that is not manipulated?
But... that's just the surface. Consider: one client uses a rendering that takes 25ms longer to show up and another client does not render textures/shadows etc. That client is faster and the sender can even send "official" response times, but would still give an advantage.
So, I am not sure this can be solved serverside. But... I don't play these games anymore and would never opt for a rootkit to be installed just so I can play. I can imagine plenty of people, though, who would.
You don't have to trust the timestamp - and you shouldn't. You can use a bunch of methods to go from untrusted to grudgingly accepted: requiring monotonicity means cheating clients have to be permanently slower rather than selectively slower. Having tolerances for out of order packet rates or accepted deltas before discarding player actions will have some false positives for players on terrible networks, but will also reduce the impact of any possible timestamp-related cheats.
It can't be fully solved server side, not without sacrificing acceptable performance. I reckon it can probably be dealt with enough on server side to keep cheating to a tolerably low level. It's probably cheaper to just license a windows rootkit though.